CONTENTS

While
scep(1)
only performs one request to a SCEP server and does not handle pending
replies by trying again,
scepclient handles the full SCEP protocol.
It does so be repeating calls to
scep(1)
until the certificate is granted, refused or a timeout
(too many retries) occurs.
The options needed to control the behavior of
scepclient are essentially identical to those of
scep.

increase the debug level by one (although this may not really be useful
in this particular case).

-ccacertificate

specifies
cacertificate as the file containing the certificate of the certification
authority we want our request to sign.

-rrequest

specifies the file to contain the request. Note that the first
call to scep generates the request from the private key
specified with the
-k option and the distinguished name on the command line.

-kkeyfile

The file
keyfile contains the private key of the user in PEM format.

-wchallenge

specifies the challenge password to include in the options of the
generated request. Note that this is only necessary in the first
request, when the request file does not exist yet. Later requests
for the certificate do no longer need the challenge password.

-p

directs
scep to poll the server for a the certificate. This is only needed if the first
request provokes a pending reply.

-uurl

Defines the URL to contact for SCEP requests. This will normally be
something like